SAN ANGELO, TX – UPDATE: The city of San Angelo is dealing with a confirmed second data security breach of its water billing system in less than two years. Since the data breach, the city has taken steps to protect residents by disabling the compromised one-time payment feature. The city has also sent their server to be assessed and expect the final forensic report by or before the beginning of December.
“Last year when this happened, we immediately started looking for another payment system,” explained Petra Trevino, customer service manager for the San Angelo water department. “To us that one time was enough. We actually have Invoice Cloud [who] is going to be our new payment system that we’re going to be [using]. We’ve been working on it very hard so there’s been a lot of transition going on one of the transitions was to disable the one time payments. What we’ve been able to identify thus far, is it was caused in the one time payment option last time it was a little bit more aggressive. It impacted any credit card users. We still haven’t gotten our forensics final report, they’re still looking at it, they did identify and did let us know it was the one time payment option.”
Unlike the first breach, which placed all users at risk, this breach only impacted those using the one-time payment feature. The upcoming vendor change, from Click-to-Gov over to Invoice Cloud, is expected to occur by or before 2020.
“We will be probably, you’ll be seeing more more of a transition closer to the middle of December, the 16th timeframe,” said Trevino. “Hopefully, if everything goes well with our testing, that’s when we plan to go.”
ORIGINAL ARTICLE: In a press release issued on Wednesday, November 13 the city of San Angelo stated that “some water customers may have noticed irregularities with their credit and debit card accounts after recently paying their monthly statement through the City’s online payment system.”
The city advises water customers who make online payments to monitor their accounts for unauthorized charges. The city’s third-party vendor is analyzing data to determine the extent of any security breaches and has provided a preliminary time frame for those affected to have occurred from late August to mid-October.
As soon as more data is uncovered, the information will be reported to all affected customers. If the vendor finds that the system was vulnerable, then customers who made credit card payments during that period will be contacted by mail.
The online “one-time” payment option on the city utility webpage has been temporarily disabled. Payments may be made by calling (325) 657-4323 or via cash, check or credit card from 8 a.m. to 5 p.m. weekdays at City Hall Annex, 301 W. Beauregard Ave. A 24-hour dropbox is also available at City Hall Annex.